[Typo3-dev] Ldap implementation

Didier Gehéniau didier.geheniau at feas.net
Mon Apr 18 20:41:29 CEST 2005



> -----Original Message-----
> From: typo3-dev-bounces at lists.netfielders.de 
> [mailto:typo3-dev-bounces at lists.netfielders.de] On Behalf Of 
> Daniel Thomas
> Sent: Tuesday, April 12, 2005 8:26 AM
> To: List for Core-/Extension development
> Subject: Re: [Typo3-dev] Ldap implementation


> Do I get this right that you want to support static group 
> membership in 
> the synchronisation process?

OpenLDAP works this way by default. Group memberships are only stored in
groups and not in the user record.

> What puzzles me about Your changes is that You add code concerned with
> the actual synchronisation logic in three places:
> - the authentication service class

You get your user groups from the user record (as implemented in ADS). I
need to get group memberships direct from the groups, so I inserted a group
fetch in the authentication module, so I can sync the data when someone logs
in.

> - the synchronisation module class
Again, here it concerns fetching group memberships from the group records in
LDAP needed for the synchronisation.

> - the framework utility class (where it really belongs)
Here the typo3 uids are resolved (no connection is made to ldap here), also an
admin check is done.

> 
> The extension system was built with the aim to avoid such 
> redundancy by 
> splitting code pieces in order to make them easily reusable. 

I know what you mean, I wanted my changes to be reverse compatible with your
version and I needed something to fetch group memberships from the usergroup
record and not from the user record.
 
> When You made Your changes in the tx_ldapserver class You have without doubt
> seen the outcommented function getStaticFEGroups directly above Your 
> new function getStaticGroups. This function is outcommented because I 
> did not yet make it configurable enough and haven't tested it 
> thoroughly. However, the concept should be easy to grasp and it deals 
> with static group membership without having to change the 
> other classes 
> as well.
> Could you explain to me what your changes do that could not be done 
> with this function if we were to change one or two lines to make 
> configuration easier

1. This is only for FE groups, my static groups are for FE and BE groups;
2. You sync at login, so there you fetch the group memberships. You sync them
with the user record; I need to get them from the group records. So for speed
I do not want to make another connection to ldap later on, and I store the
groups in a global var;

> and change the name into something more general 
> like the getStaticGroups you have proposed.

??????

>
>
>

When typo3 goes to a major change maybe we can talk of changing the code in
general, but I think this implementation takes care of reverse compatibility
with your previous version.

My idea is only an ldap connection at login or synchronization;
Sync user and auth info when logging in;
Sync groups first then users (users need groups to find their memberships
and typo3 stores group ids in the user records so the groups have to be in
typo3 when searching for the uids of the groups).

Regards,

Didier
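
Added example, not part of the original message or of the extension's code: the sync order described above (groups first, then users, with memberships read from the group records instead of the user records), sketched in plain PHP. The entry layout, function names and sample DNs are constructed for illustration, and the comma-separated group uid list mirrors how TYPO3's usergroup field is stored; no LDAP connection or TYPO3 API is used.

```php
<?php
// Constructed sample entries: membership lives in the group's "member" attribute.
$ldapGroups = [
    ['dn' => 'cn=editors,dc=example,dc=org', 'cn' => 'editors',
     'member' => ['uid=anna,dc=example,dc=org', 'UID=bob,dc=example,dc=org']],
    ['dn' => 'cn=staff,dc=example,dc=org', 'cn' => 'staff',
     'member' => ['uid=anna,dc=example,dc=org']],
];
$ldapUsers = [
    ['dn' => 'uid=anna,dc=example,dc=org', 'uid' => 'anna'],
    ['dn' => 'uid=bob,dc=example,dc=org', 'uid' => 'bob'],
    ['dn' => 'uid=carl,dc=example,dc=org', 'uid' => 'carl'],
];

// Step 1: sync groups first. $localGroups (uid => title) stands in for the local table.
function syncGroups(array $ldapGroups, array &$localGroups): array
{
    $uidByDn = [];
    foreach ($ldapGroups as $group) {
        $uid = array_search($group['cn'], $localGroups, true);
        if ($uid === false) {                       // unknown group: create it
            $uid = $localGroups ? max(array_keys($localGroups)) + 1 : 1;
            $localGroups[$uid] = $group['cn'];
        }
        $uidByDn[$group['dn']] = $uid;
    }
    return $uidByDn;
}

// Step 2: sync users, resolving memberships from the group records.
// Lower-casing the DN is a simplification of real DN matching.
function syncUsers(array $ldapUsers, array $ldapGroups, array $uidByDn): array
{
    $groupsOfUser = [];
    foreach ($ldapGroups as $group) {
        foreach ($group['member'] ?? [] as $memberDn) {
            $groupsOfUser[strtolower($memberDn)][$uidByDn[$group['dn']]] = true;
        }
    }
    $records = [];
    foreach ($ldapUsers as $user) {
        // A user listed in no group gets an empty list, never a stale one.
        $uids = array_keys($groupsOfUser[strtolower($user['dn'])] ?? []);
        $records[$user['uid']] = ['usergroup' => implode(',', $uids)];
    }
    return $records;
}

$localGroups = [1 => 'staff'];                      // group already present locally
$uidByDn = syncGroups($ldapGroups, $localGroups);
print_r(syncUsers($ldapUsers, $ldapGroups, $uidByDn));
```

Because the group entries are fetched once and passed to both steps, the user sync needs no second LDAP query, which is the single-connection point made in the message.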




